How To Restrict Access To 'install.php' Or 'update.php' Files In Drupal Website
https://www.zyxware.com/sites/default/files/styles/user_image/public/default_images/index.png?itok=dkp9qUXZ
BY sandeep.sasikumar
2 weeks ago
-Drupal

We have come across security issues where the 'install.php' or 'update.php' files present in the Drupal website are accessible even after setting up the website. We will need to make sure that access to these files is restricted. We will limit access to these files by adding the entries to the apache web server configuration or in the htaccess file.

Restricting Access To 'install.php' Or 'update.php' Files In Drupal

In Apache virtual host configuration,

RedirectMatch 403 "/(install|update).php"

OR

In htaccess, change the part as below.

# Protect files and directories from prying eyes.
<FilesMatch "\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|cron\.php|install\.php|update\.php|^(CHANGELOG|COPYRIGHT|INSTALL.*|LICENSE|MAINTAINERS|README|UPDATE).txt$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$">

The htaccess entries also protect access to cron.php, update.php, web.config and txt files.


RELATED ARTICLE

/themes/custom/zyxpro_light/images/placeholder.png
close

on 11th June 2008 / by webmaster
Most of the web based systems that we build at Zyxware uses Drupal as the content framework. The following are the steps involved in setting up Apache, PHP, MySQL and Drupal on a freshly installed Ubuntu 8.04 system. If you follow the instructions you should be able to set it up as is but if you face problems let us know and we will try to help you. Technical Solution Ubuntu Apache php MySQL Drupal Tim (not verified) access_time 21 Sep 2021 - 17:07 I checked the apache2.conf file and the lines of code in step 9 do not appear. To this point i have followed the instructions exactly, until step 11. I even tried to add the code manually but the gedit /etc/apache2/apache2.conf didn't work. Any ideads what i may be doing wrong? I tried skipping over and finishing the steps but didn't work and i ended up reinstalling ubuntu and starting over. Now i don't want to move on till i get each step. Thanks for any help you can give me. Tim (not verified) access_time 21 Sep 2021 - 17:07 When i try to open the /var/www/sites/default/settings/php firefox just stries to download it, instead of open it... I can't figure out why. Kirri (not verified) access_time 21 Sep 2021 - 17:07 http://heriman.wordpress.com/2008/08/05/enabling-apache-user-home-publi… This way is much easier. We don't need to change the contents of apache2.conf and httpd.conf. I tested it. PlusNoob (not verified) access_time 21 Sep 2021 - 17:07 am wondering if this would work at all on f.ex FreeBSD, anyone who know? directory (not verified) access_time 21 Sep 2021 - 17:07 Step by step its looking easier I,ll try this if i found anything new I,ll definitely share with you grate work keep it on thanx for a valuable information the exchange board (not verified) access_time 21 Sep 2021 - 17:07 I have always found ubuntu easy to use as a desktop OS however as a server platform, it is different from other linux distros I have been used to. I am going to use your step by step guide to install apache/php/mysql & ubuntu and see whether it sways my preference ! Thanks for your post ;) Anonymous (not verified) access_time 21 Sep 2021 - 17:07 1) there is no sudo gedit /etc/apache2/httpd.conf file. 2) the first step is to install apache2 and the php module. then modify the apache config. then the last installs step is sudo apt-get install apache2 libapache2-mod-php5 php5-mysql php5-gd which redoes the apache2 install and makes no sense. Furthermore, when you install phpmyadmin, it installs mysql. My point is there is a lot of redundancy in this guide and it is not very clear. why not rework the ordering of the steps in this guide. I suggest get all the software, then do all the configuration. Anonymous (not verified) access_time 21 Sep 2021 - 17:07 How to install and configure a web development using Apache PHP MySQL making use of LVS using any linux platform poker (not verified) access_time 21 Sep 2021 - 17:07 Thanks so much for this tuto, i could have a lot of headaches trying to do it by myself, and must be a lot of complex to me, but you made it easy. Anto Jose (not verified) access_time 21 Sep 2021 - 17:07 Please add the following info to the instructions. [Concerning STEP 1] [Solution found at http://mohamedaslam.com/how-to-fix-apache-could-not-reliably-determine-… ] __________________________________________________________________ PROBLEM: In Step 1, While executing the line "sudo apt-get install apache2 libapache2-mod-php5", Apache server gives the following error: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName The same error appears when you try restarting apache. __________________________________________________________________ SOLUTION: To fix this, you need to edit the httpd.conf file. Open the terminal and type, sudo gedit /etc/apache2/httpd.conf By default httpd.conf file will be blank. Now, simply add the following line to the file. ServerName localhost Save the file and exit from gEdit. Finally restart the server. sudo /etc/init.d/apache2 restart This should solve the issue.
/themes/custom/zyxpro_light/images/placeholder.png
more_horiz
close

on 10th September 2009 / by webmaster
We have been working with Drupal for the last 3 years now and we just love Drupal. Every day we work with it, we get more and more reasons to love it even more. As a token of our respect for this system, we have become official paid members of Drupal association. We can now proudly flaunt the association badges on our site. News Drupal Annuity (not verified) access_time 21 Sep 2021 - 17:07 Drupal is amazing, all my blogs use it way better than Joomla or Wordpress. DrupalFan (not verified) access_time 21 Sep 2021 - 17:07 In terms of functionality and the power the community offers. For a hardcore technical person drupal is more powerful than Joomla or Wordpress. However, aesthetically it is behind with Wordpress/Magneto and several others. webmaster access_time 21 Sep 2021 - 17:07 In reply to Drupal is Great by DrupalFan (not verified) Yes you are absolutely right. Drupal gives the hardcore programmer a lot of power and freedom. It is slightly behind Joomla and Wordpress in terms of looks but with more companies entering the fray such aspects are going to be a non issue in the near future. However it must be noted that drupal can be made to look like any design you have, only that there are not too many free themes that already look good. Esta Elio (not verified) access_time 21 Sep 2021 - 17:07 I have read a few of the articles on your website now, and I really like your style of blogging. I never thought I could have a good read by this time until I found out this site, It’s have been trusted by many individuals and business organization, it’s a open source management system and its codes are easily available for modifying and using. Anonymous (not verified) access_time 21 Sep 2021 - 17:07 Drupal is amazing. Anonymous (not verified) access_time 21 Sep 2021 - 17:07 I think drupal is better than wordpress. Elena (not verified) access_time 21 Sep 2021 - 17:07 Wow!! It's a wonderful news, used to be two years ago)))) But even now it's good news. I use drupal not so long time and I really like this open source content management platform))) Great post. Thanks for sharing. Anonymous (not verified) access_time 21 Sep 2021 - 17:07 Hey I know this is off topic but I was wondering if you knew of any widgets I could add to my blog that automatically tweet my newest twitter updates. Ive been looking for a plug-in like this for quite some time and was hoping maybe you would have some experience with something like this. Please let me know if you run into anything. I truly enjoy reading your blog and I look forward to your new updates. Anonymous (not verified) access_time 21 Sep 2021 - 17:07 thank you drupal for your existence...keep on flying .
/themes/custom/zyxpro_light/images/placeholder.png
close

on 28th September 2012 / by webmaster
Ecommerce sites blend easily with Drupal. Drupal has a solid collection of Ecommerce modules and themes that are ready to convert a site to an Ecommerce power house. Here are the top 5 Ecommerce Themes for Drupal. Checkout our list of Top 5 Free Business Themes for Drupal. If you are planning to build your next Ecommerce site using Drupal do get in touch with us. We provide a wide range of Drupal services including Drupal Commerce and Drupal Third Party Integration. Drupal Solution Drupal Ecommerce Themes Next Design Web (not verified) access_time 21 Sep 2021 - 17:07 Although you listed the best themes for drupal ecommerce site but now there are lots of other new are available.